DETAILED ACTION

1. Claims 1-5, 7, 10-16, 18, 21-23, 26, 28-33 are pending. 

2. Amendment filed 04/18/2006 has been received and 
considered. 

Claim Rejections - 35 USC § 103 

3. The following is a quotation of 35 U.S.C. 103(a) which 
forms the basis for all obviousness rejections set forth in this 
Office action: 

(a) A patent may not be obtained though the invention is not identically 
disclosed or described as set forth in section 102 of this title, if the 
differences between the subject matter sought to be patented and the prior 
art are such that the subject matter as a whole would have been obvious at 
the time the invention was made to a person having ordinary skill in the 
art to which said subject matter pertains. Patentability shall not be 
negatived by the manner in which the invention was made. 

4. Claims 1-5, 7, 12-16, 18, 23, 26, 29, and 33 are rejected 
under 35 U.S.C. 103(a) as being unpatentable over ConSeal PC
FIREWALL Technical Summary (hereinafter ConSeal) in view of Hari 
et al (Detecting and resolving packet filter conflicts) and 
further in view of Coss et al (US 6098172). 

As per claims 1, 12, 23, 26 and 29, ConSeal discloses 
identifying a set of policies, each policy having a condition 
associated therewith; determining whether the conditions are 
met; and activating the policies whose associated conditions are 
determined to be met (see pages 1-2) wherein the activation of 
the policies includes adding the policies to a set of a
plurality of active policies, and executing security actions
associated with the active policies if associated limits are met
(see pages 1-2).

ConSeal fails to disclose the conditions represent 
different policies, which are based on priority and determining 
and resolving any conflicts and the conditions include a time 
factor, which is at least one of a timeframe, a predetermined 
time period, and a time limit. 

However, Hari et al teaches such policy priorities and 
conflict resolution (see page 1204 section II) and Coss et al 
teaches the use of a time factor (see column 2 lines 29-41).

At the time of the invention it would have been obvious to 
a person of ordinary skill in the art to use Hari et al's 
priorities and conflict resolution and the time factors of Coss
et al in the firewall system of ConSeal. 

Motivation to do so would have been to avoid matching 
multiple filters with conflicting actions (see Hari et al page
1204 section II) and to allow a given rule set to be modified
based on events happening in the network without requiring that
the entire rule set be reloaded (see Coss et al column 2 lines
29-41).

As per claims 2-3 and 13-14, the modified ConSeal, Hari et
al and Coss et al system discloses activating the policies if
the user confirms (see ConSeal page 2).

As per claims 4-5 and 15-16, the modified ConSeal, Hari et 
al and Coss et al system discloses updating includes receiving 
another inactive policy, determining whether the user accepts 
the inactive policy, and adding the inactive policy to the set 
if the user accepts the inactive policy (see ConSeal page 2).

As per claims 7 and 18, the modified ConSeal, Hari et al 
and Coss et al system discloses determining whether the 
conditions associated with the active policies are still met, 
and de-activating the active policies if the associated 
conditions are not met (see bottom of page 1 to the top of page
2).

As per claim 33, the modified ConSeal, Hari et al and Coss 
et al system discloses the identifying, determining and 
activating are controlled locally (see ConSeal page 1).

5. Claims 10 and 21 are rejected under 35 U.S.C. 103(a) as
being unpatentable over the modified ConSeal, Hari et al and
Coss et al system as applied to claims 1 and 12 above, and
further in view of Beebe et al (US 200100141150).

As per claims 10 and 21, the modified ConSeal, Hari et al
and Coss et al system fails to disclose the conditions include a 
source of the policies. 

However Beebe et al teaches such condition (see paragraph
227).

At the time of the invention it would have been obvious to 
a person of ordinary skill in the art to include the source of a 
policy in the conditions of the modified ConSeal, Hari et al and 
Coss et al system. 

Motivation to do so would have been to implement a
multi-tiered policy (see paragraph 226).

6. Claims 11 and 22 are rejected under 35 U.S.C. 103(a) as 
being unpatentable over the modified ConSeal, Hari et al and 
Coss et al system as applied to claims 1 and 12 above, and 
further in view of Porras et al (US 6704874).

As per claims 11 and 22, the modified ConSeal, Hari et al 
and Coss et al system fails to disclose the conditions include a 
severity of the security actions associated with the policies. 

However, Porras et al teaches such a prioritization 
technique (see column 2 lines 46-51 where a more severe of the 
attack requires a more severe action).

At the time of the invention it would have been obvious to 
a person of ordinary skill in the art to use Porras et al's 
prioritization teaching in the modified ConSeal, Hari et al and
Coss et al system. 

Motivation to do so would have been to allow for a tag to 
be included to relate the severity. 

7. Claim 28 is rejected under 35 U.S.C. 103(a) as being 
unpatentable over the modified ConSeal, Hari et al and Coss et 
al system as applied to claim 1 above, and further in view of 
Brock et al (US 20030110393).

As per claim 28, the modified ConSeal, Hari et al and Coss 
et al system fails to disclose the conditions represent an 
urgency associated with an issue causing the policy to be 
activated. 

However, Brock et al teaches such a priority based on 
urgency (see paragraph 5).

At the time of the invention it would have been obvious to 
a person of ordinary skill in the art to use Brock et al's 
teaching of urgency based priority in the modified ConSeal, Hari 
et al and Coss et al system. 

Motivation to do so would have been to alert the network 
administrator.

8. Claims 30-32 are rejected under 35 U.S.C. 103(a) as being 
unpatentable over the modified ConSeal, Hari et al and Coss et 
al system as applied to claim 1 above, and further in view of 
Cisco (IPSec User Guide for the Cisco Secure PIX Firewall
Version 5.2).

As per claims 30-32, the modified ConSeal, Hari et al and 
Coss et al system fails to disclose three policies with 
different priorities having different valid time periods. 

However Cisco teaches such policies (see "Enabling and
Configuring IKE" pages 6-1 and 6-2).

At the time of the invention it would have been obvious to 
a person of ordinary skill in the art to use the policies of 
Cisco in the modified ConSeal, Hari et al and Coss et al system. 

Motivation to do so would have been to allow the firewall 
to use Internet Key Exchange (see top of page 6-1).

Response to Arguments 

9. Applicant's arguments with respect to the newly added 
limitations to claims 1, 12, 23, 26 and 28 have been considered 
but are moot in view of the new ground(s) of rejection.

Applicant's arguments filed 04/18/2006 have been fully 
considered but they are not persuasive. Applicant argues: 
ConSeal fails to disclose executing security actions associated 
with the active policies if associated limits are met; Hari 
teaches away from the claimed priority policy; ConSeal fails to 
disclose user confirmation to activate the policies; ConSeal 
fails to disclose receiving an inactive policy and adding it if
the user accepts; Beebe fails to disclose the conditions include 
a source of the policies; Porras fails to disclose including a 
severity of security actions associated with the policies; Brock 
fails to disclose the conditions represent an urgency associated 
with an issue causing the policy to be activated. 

With respect to Applicant's argument that ConSeal fails to 
disclose executing security actions associated with the active 
policies if associated limits are met, each time a packet is 
filtered (i.e. not allowed through the firewall) that is the 
ConSeal firewall executing a security action associated with the 
active policies when a limit is met. 

With respect to Applicant's argument that Hari teaches away 
from the claimed priority policy, the priority based system of 
Hari teaches that each filter (i.e. policy) has a different 
priority and when a packet matches more than one filter,
whichever filter has a higher priority is used. Therefore, Hari does
not teach away from the claimed limitation of, "wherein a first
policy with a higher priority has a first condition associated 
therewith that is different from a second condition associated 
with a second policy with a lower priority such that the first 
policy and second policy are activated under different priority 
related conditions". 

With respect to Applicant's argument that ConSeal fails to
disclose user confirmation to activate the policies, when a rule 
in ConSeal has not been used before and the system is in Checked 
Learning Mode, the user is prompted to make a rule for the 
packet (i.e. allow or disallow). When the user selects an 
action the user is confirming the activation of a rule. 

With respect to Applicant's argument that ConSeal fails to 
disclose receiving an inactive policy and adding it if the user 
accepts, ConSeal allows for an administrator to make a rule 
remotely and a user can download this rule (as evidenced by page 
4 of the Mien reference supplied on 09/21/2005). When a user
chooses to download a policy it is inactive and by going to 
download the policy the user is inherently accepting it. 

With respect to Applicant's argument that Beebe fails to 
disclose the conditions include a source of the policies, the 
rules of Beebe are based on the source of the rules and every 
rule has conditions; therefore Beebe teaches the conditions 
include a source of the policy. 

With respect to Applicant's argument that Porras fails to
disclose including a severity of security actions associated 
with the policies, Porras teaches tagging alerts with a flag 
indicating the severity of the attack. These alerts are 
generated based on filtering conditions being met (see column 1 
lines 51-62) and therefore are associated with the conditions
being met. 

With respect to Applicant's argument that Brock fails to 
disclose the conditions represent an urgency associated with an 
issue causing the policy to be activated, Brock teaches 
including an indication of urgency with an alert when a 
condition is met and since the indication is based on conditions 
being met causing the administrator to act they are causing a
policy to be activated. 

Applicant is reminded that one cannot show nonobviousness 
by attacking references individually where the rejections are 
based on combinations of references. See In re Keller, 642
F.2d 413, 208 USPQ 871 (CCPA 1981); In re Merck & Co., 800 
F.2d 1091, 231 USPQ 375 (Fed. Cir. 1986). Each secondary 
reference is relied upon for a teaching and the combination must 
be considered as a whole. 

Conclusion 

10. Applicant's amendment necessitated the new ground(s) of
rejection presented in this Office action. Accordingly, THIS
ACTION IS MADE FINAL. See MPEP § 706.07(a). Applicant is
reminded of the extension of time policy as set forth in 37
CFR 1.136(a).

A shortened statutory period for reply to this final action 
is set to expire THREE MONTHS from the mailing date of this 
action. In the event a first reply is filed within TWO MONTHS 
of the mailing date of this final action and the advisory action 
is not mailed until after the end of the THREE-MONTH shortened 
statutory period, then the shortened statutory period will 
expire on the date the advisory action is mailed, and any 
extension fee pursuant to 37 CFR 1.136(a) will be calculated 
from the mailing date of the advisory action. In no event, 
however, will the statutory period for reply expire later than 
SIX MONTHS from the date of this final action. 

Any inquiry concerning this communication or earlier 
communications from the examiner should be directed to Michael 
Pyzocha whose telephone number is (571) 272-3875. The examiner 
can normally be reached on 7:00am - 4:30pm first Fridays of the 
bi-week off. 

If attempts to reach the examiner by telephone are 
unsuccessful, the examiner's supervisor, Emmanuel Moise can be 
reached on (571) 272-3865. The fax phone number for the 
organization where this application or proceeding is assigned is 
703-872-9306. 

Information regarding the status of an application may be
obtained from the Patent Application Information Retrieval 
(PAIR) system. Status information for published applications 
may be obtained from either Private PAIR or Public PAIR. Status 
information for unpublished applications is available through 
Private PAIR only. For more information about the PAIR system, 
see http://pair-direct.uspto.gov. Should you have questions on 
access to the Private PAIR system, contact the Electronic 
Business Center (EBC) at 866-217-9197 (toll-free).



MJP 



EMMANUEL L MOISE 
SUPERVISORY PATENT EXAMINER 




